2018.05.18 14:41:07 (997457051306557441) from Daniel J. Bernstein, replying to "Matthew Green (@matthew_d_green)" (997441074749759488):
Internally, libpqcrypto has some support for X25519 (labeled "notpq"). There are many obvious ways to provide hybrids at various layers, and we're still deciding which options are best. Anyway, other libraries are welcome to copy the safe interface design.
2018.05.18 13:14:16 (997435193903472641) from "ͥͥͥͥͥͥͥͥͥͥͥͥͥͥͥͥͥͥͥtruelai ╪ͥͥͥͥͥͥͥͥͥͥͥ (@truelai)", replying to "Matthew Green (@matthew_d_green)" (997434846652846081):
Is "janky" a technical criticism?
2018.05.18 13:16:02 (997435638566850560) from "Matthew Green (@matthew_d_green)", replying to "ͥͥͥͥͥͥͥͥͥͥͥͥͥͥͥͥͥͥͥtruelai ╪ͥͥͥͥͥͥͥͥͥͥͥ (@truelai)" (997435193903472641):
It’s a corollary of “sucky”. But seriously, OpenSSL public key encryption is bad.
2018.05.18 13:26:12 (997438199227211776) from Daniel J. Bernstein, replying to "Matthew Green (@matthew_d_green)" (997435638566850560):
libpqcrypto (https://libpqcrypto.org) includes a simple command-line interface designed to prevent common security failures: everything aims for CCA2, verification failures produce empty output in case errors are ignored, etc. But still needs consttime + tons of security review.
2018.05.18 13:37:38 (997441074749759488) from "Matthew Green (@matthew_d_green)":
Does it also support non-PQ crypto like NaCL? In a secure composition so you get the security of both ECC and [chosen PQ algorithm]? Cause that would be neat.